Determination Innovation and Production Limited (trading as “The Story in Portrait”), a company registered in England and Wales, is committed to protecting your privacy and safeguarding your personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal data when you engage with our services, including the creation of personalised family photo storybooks and memoirs (referred to as “Storybooks”).

Our services involve curating bespoke memoirs that blend evocative photography, handwritten reflections, descriptive writing, poetry, and cinematic elements to preserve personal legacies. This process requires us to handle sensitive personal information, such as life stories, family anecdotes, and photographs, which we treat with the utmost care and in compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable data protection laws.

We act as the data controller for the personal data we process. If you have any questions about this Privacy Policy or our data practices, please contact us using the details provided at the end of this document.

1. Personal Data We Collect

We collect personal data directly from you or, in limited cases, from third parties (e.g., family members providing information on your behalf). The types of data we collect depend on your role and interaction with us:

1.1 Storytellers (Individuals Providing Content for Storybooks)

• Basic Personal Information: Name, contact details (email, phone number, postal address), and date of birth (where relevant to verifying identity or tailoring content).
• Content Data: Stories, biographies, anecdotes, photographs, reflections, and other materials you voluntarily provide to create your Storybook. This may include sensitive personal data, such as information about health, family relationships, ethnic or cultural background, religious beliefs, or personal experiences (e.g., triumphs, losses, or transformations).
• Third-Party Information: Details about individuals mentioned in your stories (e.g., family members), which you confirm you have permission to share.

1.2 Clients (Individuals Ordering or Purchasing Storybooks)

• Order and Payment Information: Name, billing address, payment details (processed securely via third-party providers), and delivery details.
• Communication Data: Records of enquiries, feedback, or correspondence related to orders.

1.3 Website Visitors and Enquirers

• Technical and Usage Data: IP address, browser type, device information, pages visited, time spent on the site, and referral sources (collected via cookies and analytics tools).
• Enquiry Data: Name, email, phone number, and message content submitted through contact forms.

2. How We Use Your Personal Data

We use your personal data solely to provide and improve our services, in line with our legitimate business needs and legal obligations. Specific uses include:

• Providing Services: To create, review, and produce your Storybook, including recording interviews (if applicable), incorporating your provided content, and obtaining your final approval before printing or delivery.
• Processing Orders: To handle payments, fulfil deliveries, and manage your account.
• Communication: To respond to enquiries, provide updates on your Storybook progress, and send service-related notifications.
• Improvement and Analytics: To analyse usage patterns, enhance our website and services, and conduct internal research (e.g., anonymised feedback on memoir creation processes).
• Marketing: To send you information about similar services, updates, or promotions, but only with your consent or where you are an existing client (under legitimate interests). You can opt out at any time.
• Legal and Security: To comply with legal requirements, prevent fraud, and protect our rights.

We will not use your data for automated decision-making that significantly affects you without your consent.

3. Legal Basis for Processing

Our processing of personal data is justified under UK GDPR as follows:

• Contractual Necessity: To fulfil our agreement to create and deliver your Storybook.
• Legitimate Interests: For business operations such as site analytics, fraud prevention, and targeted marketing to existing clients, balanced against your rights.
• Consent: For sensitive data (e.g., health or biographical details) and marketing communications.
• Legal Obligation: To meet regulatory requirements, such as record-keeping for tax purposes.

4. Sharing Your Personal Data

We share personal data only when necessary and under strict confidentiality agreements. Recipients include:

• Service Providers: Trusted third parties for payment processing (e.g., Stripe), printing and delivery, secure storage (e.g., cloud platforms), and analytics (e.g., Google Analytics). These providers are contractually bound to protect your data.
• Collaborators: Limited sharing with freelance writers, photographers, or interviewers involved in your Storybook, solely for production purposes. You will be informed if this involves cross-border transfers.
• Legal and Business Purposes: With authorities, legal advisors, or in the event of a business sale, merger, or to enforce our terms.
• Third-Party Individuals: For information about others in your stories, we rely on your assurance of consent; we do not independently verify or share this beyond production needs.

We do not sell your data to third parties for marketing.

5. Data Retention

We retain personal data only as long as necessary:

• Storybook Content and Client Data: Indefinitely for a digital copy of your Storybook (for reprints or queries) and basic contact details; other data for up to 10 years post-completion to handle complaints or legal claims.
• Enquiry and Communication Data: 10 years from last interaction.
• Website Usage Data: 26 months.
• Marketing Data: Until consent is withdrawn.

Data is securely deleted or anonymised thereafter. You may request earlier deletion subject to legal retention requirements.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption of data in transit and at rest.
• Access controls, secure servers, and regular audits.
• Staff training on data protection.
• Incident response procedures for breaches.

While we strive for robust security, no system is infallible; we cannot guarantee absolute protection against all risks, particularly during internet transmission.

8. Cookies and Tracking Technologies

Our website uses cookies—small text files—to enhance functionality and analyse usage. Types include:

• Essential: For site operation (cannot be disabled).
• Analytics/Performance: To track visits and improve services (e.g., via Google Analytics; see Google’s Privacy Policy for details).

You can manage cookies via your browser settings or our cookie preference centre. Disabling them may affect site features.

9. International Data Transfers

If we transfer data outside the UK/EEA (e.g., to cloud providers or international collaborators), we ensure safeguards such as standard contractual clauses or adequacy decisions. Contact us for details on specific transfers.

10. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or laws. Significant updates will be notified via email or our website. Continued use of our services constitutes acceptance.

11. Contact Us

For privacy queries, rights exercises, or complaints:

• Email: info@thestoryinportrait.com